CN103796199A - Authenticable asymmetrical group secret key negotiation method in mobile unbalanced network - Google Patents

Abstract

The invention relates to an authenticable asymmetrical group secret key negotiation scheme in a mobile unbalanced network. The scheme comprises the steps that signature and authentication of group members are carried out, group members negotiate an asymmetrical shared secret key, and consistency verification of the shared secret key is carried out. According to the signature and authentication, a short signature mechanism of mobile equipment in a network is achieved by adopting a bilinear mapping technology, and members of mobile groups provide identify authentication by using the signature before the group secret key is negotiated to defense active attack of adversaries. According to step that the group members negotiate the asymmetrical shared secret key, all mobile equipment in the mobile unbalanced network negotiates a pair of asymmetrical group communication encryption/decryption secret keys, and members outside the group can send secret messages to members inside the group by encrypting the secret messages through a public key without the necessary of joining the group. According to the consistency verification of the shared secret key, after the group members negotiate the group secret key, the accuracy and the consistency of the calculated group secret key can be guaranteed. According to the authenticable asymmetrical group secret key negotiation scheme in the mobile unbalanced network, when secret communication is carried out among mobile group equipment in the mobile network environment, safe communication among the group equipment can be guaranteed, energy consumption of calculation and communication is quite low, and good flexibility, safety and practicability are achieved.

Description

In mobile unbalanced network, can authenticate the secret key machinery of consultation of asymmetric group

Technical field

The present invention relates to the secret key negotiation scheme of safe group under a kind of mobile network environment, particularly under a kind of mobile unbalanced network environment, authenticate the secret key negotiation scheme of asymmetric group, belong to network communication security fields.

Background technology

A lot of complicated cryptographic system designs all depend on existing hidden passageway between communication in many ways. group key agreement (group key agreement, GKA) main purpose of Protocol Design is the hidden passageway that a safety is provided for two or more group members, be widely used in collaborative calculating and Distributed Calculation field, as Secure calculates, file-sharing and distribution, video conference and group chat system. briefly, GKA agreement is in open network environment, to consult calculate a common key by mutual exchange message for group member, this key adds the secret key of encryption and decryption as group member transmission of information. because this decruption key only has group, inner member knows, encrypt so only have group member to decrypt the ciphertext that secret key is encrypted.

The key agreement protocol that can authenticate requires group member that reliable proof of identification is provided in the time of key agreement, only have the legal member of identity can participate in group key agreement, guarantee that any member outside group can not participate in group key agreement, even active attack person is no exception.The GKA that can authenticate can resist positive attack, is an important indicator of GKA research.

In real applied environment, group key agreement is as public key encryp, any one member may be a potential information publisher, not only be confined to the internal staff of group and utilize this safe lane exchange message, outside group, member also may utilize this channel to send classified information to this group.Traditional study limitation could send secret information each other in the inner member of group.Asymmetric group key agreement (asymmetric group key agreement, ASGKA) scheme allows group member to consult a common common encryption key, not only can make between group member exchange secret information mutually with this PKI, can also make the outside member of group issue secret information to group member.

In mobile radio network, the topological structure that network is unstable, group member adds or to exit group comparatively frequent, and the secret key of static group consults not to be suitable for mobile wireless network environment.Dynamic GKA agreement has better flexibility and practicality.

In view of the secret key of group of current research is consulted, its amount of calculation and the traffic are not suitable for more greatly in the mobile unbalanced network environment of energy constraint, in existing technology also not about authenticating the secret key negotiation scheme of asymmetric group in mobile unbalanced network environment.

Summary of the invention

The object of the invention is the feature for mobile unbalanced network, provide a kind of being applicable to authenticate the secret key negotiation scheme of asymmetric group under this environment, in mobile unbalanced network, set up a kind of safe hidden passageway between various mobile devices, ensure the secure communication between group.Consult for the secret key of group adapting under mobile unbalanced network environment, the present invention adopts two-wire mapping techniques to realize and can authenticate, dynamic, asymmetric group key agreement.This scheme makes group member consult before cluster conversation key must be through signature authentication, and each participation member is when obtaining the cluster conversation key of negotiation, can calculate group's PKI that cluster conversation key is corresponding, to realize asymmetric encryption secure communication.Considered the dynamic of group member, scheme adopts single group member to change cryptographic key factor and realizes dynamically updating of group key, so that exiting of group member and adding of newcomer.

Technical scheme of the present invention is: in mobile unbalanced network, can authenticate the secret key machinery of consultation of asymmetric group, adopt bilinear map to realize horde group membership in mobile unbalanced network and consult to set up a pair of shared secret key of asymmetric cluster conversation, its step is as follows:

(1) signature of group member and authentication;

(2) group member is consulted the asymmetrical secret key of sharing;

(3) consistency checking of shared secret key;

In described step (1), signature and the authentication of group member are:

1. group member U _i(1≤i≤n-1) long-term private sk _iand PKI pk _igeneration;

2. group member U _ishort signature algorithm;

3. compared with macro-energy node U _nby group member U _ithe short label that provide are verified each member U _iidentity;

In described step (2), the asymmetrical shared secret key of group member negotiation is:

1. group member U _i(1≤i≤n-1) selects needed secret key parameter in the secret key negotiations process of group at random, and this secret key parameter is signed, and these secret key parameters and signature are sent to compared with macro-energy node U _n;

2. compared with macro-energy node U _nauthentication group member U _iidentity, and random select relevant secret key parameter, and the signature of this secret key parameter, these secret key parameters and signature are sent to group member U _i(1≤i≤n-1);

3. compared with macro-energy node U _ncalculate each member U _isecret key parameter, and the secret key parameter that these secret key parameters are chosen at random together with oneself is combined into the secret key of a pair of asymmetrical shared group;

4. each member U _ireceive U _nafter the signature and secret key parameter sending, to U _ncarry out authentication, and by U _nthe secret key parameter sending goes out the secret key of a pair of asymmetrical shared group together with the secret key calculation of parameter of oneself;

The consistency checking of sharing secret key in described step (3) is:

1. the each member of group verifies that whether the secret key of group of negotiation is consistent, and whether the secret key of group of calculating is identical.

In described mobile unbalanced network, can authenticate the secret key machinery of consultation of asymmetric group, adopt bilinear map technology to realize short signature and authentication; The secret key of group is consulted to realize asymmetry, negotiates the secret key of a pair of asymmetrical group encrypt/decrypt; By group key agreement step, realize the confidential corespondence between group member:

Encrypt: any message sends member and selects

with the PKI calculating d=tg of group consulting ₁, then the ciphertext c=< δ of broadcast enciphering message, η >;

Deciphering: each member receives ciphertext c=< δ, after η >, obtains clear-text message with consulting the private key dk of group decrypting ciphertext $m=\mathrm{\&eta;}\&CirclePlus;H_2\left(e(\mathrm{\&delta;},\mathrm{dk})\right).$

1. method of the present invention proposes based on Bilinear Groups is theoretical, and theoretical foundation of the present invention is summarized as follows:

A) Bilinear Groups

The definition of given first bilinear map, supposes G ₁, G ₂module, G ₃multiplicative group, and G ₁, G ₂and G ₃on discrete logarithm be difficult, group G ₁and G ₂be a pair of Bilinear Groups, establish G ₁=<g ₁>, G ₂=<g ₂> and G ₃that rank are the cyclic group of prime number q,

g ₁to G ₂isomorphism mapping

e is computable mapping, e:G ₁× G ₂→ G ₃,

Character 1 bilinearity, to all g ₁∈ G ₁, g ₂∈ G ₂, and

there is e (ag ₁, bg ₂)=e (g ₁, g ₂) ^ab;

Character 2 non-degeneracies, i.e. e (g ₁, g ₂) ≠ 1;

, there is effective algorithm, for g in character 3 computabilitys ₁∈ G ₁, g ₂∈ G ₂can calculate e (g ₁, g ₂).

For above definition, we can define following double linear problems of difficulty for solving:

1) discrete logarithm problem. establish g ₁, g ₁' ∈ G ₁, find an integer a and make g ₁'=ag ₁;

2) Bilinear Inverse Diffe-Hellman (BIDH) problem. suppose a tlv triple (g ₁, ag ₁, bg ₁) ∈ G ₁, for arbitrarily $a,b\&Element;Z_q^{*},$ Calculate

3) Decisional Bilinear Diffe-Hellman (D-BDH) problem. suppose a four-tuple (g ₁, ag ₁, bg ₁, cg ₁) ∈ G ₁, for arbitrarily

judge whether c=ab mod q.

2. asymmetric definition:

A group key agreement agreement Π is asymmetrical, if this key agreement successfully finishes, and has

or

wherein

be respectively any two and participate in key agreement member u _k, u _j, (the public/private key pair of group of k ≠ j) calculate.

3. the secret key negotiation scheme of group

A) scheme proposing needs three-wheel information exchange to consult the public/private secret key pair that group shares, and supposes and pk _i(pk _i=sk _ig ₁) be group member U _i(long-term private of 1≤i≤n) and long-term PKI.The secret key of group is consulted as follows:

1) first, each low-yield node member U _i(1≤i≤n-1) chooses any two random numbers

and calculate R _i=r _ig ₁, T _i=(m _i+ sk _i/ r _i) g ₁, M _i=m _ipk _n, then U _iby message (U _i, R _i, T _i, M _i) send to the node U that energy is higher _n(1≤i≤n-1).

2) high-energy node U _nreceive each low-yield node U _imessage (the U sending _i, R _i, T _i, M _i) after (1≤i≤n-1), U _nchecking equation

whether set up, if each equation set up, U _ncan determine message (U _i, R _i, T _i, M _i) (1≤i≤n-1) be member U _iinstitute sends.Then U _nrandom two numbers of selecting

and calculate R _n=r _ng ₁, T _n=(m _n+ sk _nr _n) g ₁, $\mathrm{PK}=\underset{i=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{\mathrm{pk}}_i,\mathrm{RT}=\underset{i=1}{\overset{n-1}{\mathrm{\&Pi;}}}e(R_i,T_i),$ P=m _nPK， $Q={\mathrm{RT}}^{m_n^2},$

u _nby these message (U _n, X ₁, X ₂..., X _n-1, R _n, T _n, Q, P) and be broadcast to the node that energy is low, U _ngroup be can calculate and PKI ek=(Q, P), f shared _n=m _ng ₁share private key with group

3) each member U _j(1≤j≤n-1) receives U _nbroadcast after, checking equation

whether set up, if equate U _jcan determine message (U _n, X ₁, X ₂..., X _n-1, R _n, T _n, RT, PK) and be U _ninstitute sends.Then each member U _j(1≤j≤n-1) calculates group and shares PKI ek=(Q, P),

share private key with group $\mathrm{dk}=e(f_j,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)=e({\mathrm{<figure-callout\; id="1"\; label="m\; n\; g"\; filenames="HDA0000467247740000021.png"\; state="\{\{state\}\}">m</figure-callout>}}_n{g}_{}{}_1,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j).$

4) all group members calculate after the shared PKI of group and group's private key, checking equation e (P, f _j) whether dk=Q sets up, if equation establishment, ek and the dk of all members' calculating are correct, and the shared PKI of group and group's private key that all members calculate have consistency.

4 group member exit protocols

A) in the time that certain member of group or part member exit group, in order to ensure the secure communication between group, upgrade the secret key of original group and be necessary, suppose the low-yield mobile node of part

exit group, group member exit protocol is as follows:

1) be about to the node U that exits _i(j+1≤i≤n-1) notifies U _nthey want to exit group;

2) U _nupgrade group member set $\stackrel{\&OverBar;}{U}=\{{\mathrm{<figure-callout\; id="1"\; label="U"\; filenames="HDA0000467247740000021.png"\; state="\{\{state\}\}">U</figure-callout>}}_1,...U_{i-1},U_{i+1},...,U_n\},$

3) U _nchoose arbitrarily two random numbers

be calculated as follows parameter: R' _n=r ' _ng ₁, T ' _n=(m' _n+ sk _nr ' _n) g ₁, ${\mathrm{PK}}^{\&prime;}=\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{\mathrm{pk}}_j,{\mathrm{PT}}^{\&prime;}=\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Pi;}}e(R_j,T_j),$ P'=m' _nPK'， $Q^{\&prime;}={\left({\mathrm{RT}}^{\&prime;}\right)}^{m_n^{\&prime;2}},$ then U _nbroadcast parameter (U _n, X ' ₁, X' ₂..., X ' _i-1, X ' _i+1..., X' _n-1, R' _n, T ' _n, Q', P') and to other member of group.U _ngroup be can calculate and PKI ek'=(Q', P') and f ' shared _n=m' _ng ₁share private key with group ${\mathrm{dk}}^{\&prime;}=e(f_n^{\&prime;},\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{X}_j^{\&prime;});$

4) other member of group receives U _nbroadcast after, each member U _j(1≤j ≠ i≤n-1) verifies equation

whether set up.If this equation is set up, each member U _jcan guarantee message (U _n, X ' ₁, X' ₂..., X ' _i-1, X ' _i+1..., X' _n-1, R' _n, T ' _n, Q', P') and be U _ninstitute sends.Then U _j(1≤j ≠ i≤n-1) can calculate

pKI ek'=(Q', P') shares in group and private key is shared by group ${\mathrm{dk}}^{\&prime;}=e(f_j^{\&prime;},\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{X}_j^{\&prime;})=e(m_n^{\&prime;}{\mathrm{<figure-callout\; id="1"\; label="g"\; filenames="HDA0000467247740000021.png"\; state="\{\{state\}\}">g</figure-callout>}}_1,\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{X}_j^{\&prime;});$

5) all group members calculate after the shared PKI of group and group's private key, checking equation e (P', f ' _j) whether dk'=Q' set up.If equation is set up, ek' and dk' that all members calculate are correct, and the shared PKI of group and group's private key that all members calculate have consistency.

5 group members add agreement

In the time having newcomer or part newcomer to add existing group, existing group provides the fair secret key information of group should to new member, and should guarantee that any member of newly arriving can not calculate group's shared private key before.Suppose the new low-yield mobile node of part

want to add existing group, suppose the U of newly added node _k(long-term private of n+1≤k≤l) and long-term PKI are respectively

and pk _k(pk _k=sk _kg ₁), group member adds agreement as follows:

1) U _nupgrade new group member set

2) newcomer its identity information is sent to node U _n,

choose arbitrarily two random number m _k, and calculate R _k=r _kg ₁, T _k=(m _k+ sk _k/ r _k) g ₁, M _k=m _kpk _n, then each newcomer U _ksend message (U _k, R _k, T _k, M _k) to U _n;

3) U _nreceive the message (U of each newly added node _k, R _k, T _k, M _k) (after n+1≤k≤l), U _nchecking equation

whether set up, if this equation establishment, U _ncan guarantee message (U _k, R _k, T _k, M _k) (n+1≤k≤l) is U _kinstitute sends.Then U _nchoose arbitrarily two random numbers

and calculate R " _n=r " _ng ₁, T " _n=(m " _n+ sk _n/ r " _n) g ₁, p "=m " _n(PK+PK "), $Q^{\&prime;\&prime;}={(\mathrm{RT}+{\mathrm{RT}}^{\&prime;\&prime;})}^{m_n^{\&prime;\&prime;2}},X_i^{\&prime;\&prime;}=m_n^{\&prime;\&prime;}{\mathrm{sk}}_n^{-1}{M}_i(1\&le;i\&le;l,i\&NotEqual;n),$ U _nbroadcast (U _n, X " ₁, X " ₂..., X " _n-1, X " _n+1..., X " ₁, R " _n, T " _n, Q ", P ") gives group inner all members.U _ncalculate f " _n=m " _ng ₁, PKI ek "=(Q " shares in group, and private key is shared by P ") and group

4) the inner each member U of group _i(1≤i≤l, i ≠ n) receives U _nbroadcast after, checking equation

whether set up, if this equation establishment, member U in group _i(1≤i≤l, i ≠ n) can guarantee message (U _n, X " ₁, X " ₂..., X " _n-1, X " _n+1..., X " _l, R " _n, T " _n, Q ", P ") is U _ninstitute sends.Each U _i(1≤i≤l, i ≠ n) can calculate f " _i, PKI ek "=(Q " shares in group, and private key is shared by P ") and group

5) all group members calculate after the shared PKI of group and group's private key, checking equation e (P ", f " _i) whether dk "=Q " set up.If equation is set up, the ek " and dk " that all members calculate is correct, and the shared PKI of group and group's private key that all members calculate have consistency.

The confidential corespondence of 6 groups

For any clear-text message m ∈ M ^*(M ^*: expressly space), have arbitrarily group and share PKI ek and group and share the group member U of private key dk _j(1≤j≤n) can be done as follows:

Encrypting messages sender chooses arbitrarily random number and calculate

then by cipher-text message c=< δ, η > is broadcast to group member;

Other member of decrypt group receives cipher-text message c=< δ, and after η >, the shared private key dk of member's available groups decrypts clear-text message arbitrarily $m=\mathrm{\&eta;}\&CirclePlus;H_2\left(e(\mathrm{\&delta;},\mathrm{dk})\right).$

The invention has the beneficial effects as follows: the solution of the present invention comprises the more New Deal of the secret key of confirmability, asymmetry and group that the secret key of group is consulted.Confirmability, adopts bilinear map technology to realize the short signature mechanism of mobile device in network, and horde group membership carries out the secret key of group again and consults to provide authentication with this signature before, in case the active attack of the hand of resisting the enemy; Asymmetry, in mobile unbalanced network, each mobile device negotiates the secret key of a pair of asymmetrical group communication encrypt/decrypt, makes the member outside group to send to the inner member of group with public key encryption secret information, and needn't add among group; The secret key of cluster conversation upgrades, and when some group member exits or adds this group, the secret key of group needs to upgrade, to guarantee the freshness of the secret key of group.The present invention between mobile group device when confidential corespondence, can guarantee the secure communication between group device in mobile network environment, calculate and communication energy consumption lower, and there is good flexibility, fail safe and practicality.

Accompanying drawing explanation

Fig. 1 is mobile unbalanced network structure chart;

Fig. 2 is the secret key negotiations process of the asymmetric group of mobile unbalanced network environment.

Embodiment

In present embodiment, non-equilibrium mobile network is made up of a high-energy node and multiple low-yield node, as shown in Figure 1.The resource-constrained of low-yield node, its amount of calculation of the least possible minimizing and the traffic.High-energy node has more resource, its amount of calculation and traffic of sharing low-yield node as much as possible.The secret key of group is consulted to be divided into two stages: the one, and the authentication before consulting, the 2nd, the secret key of group is consulted.

As shown in Figure 2, present embodiment realizes mobile unbalanced network according to following steps and can authenticate the secret key negotiation of asymmetric group.

1. the signature of group member and authentication

A) carry out the initialization of system

Suppose that there are 8 member U in group _i(1≤i≤8), wherein U ₈be a high energy node, and pk _i(pk _i=sk _ig ₁) be group member U _ithe long-term private of (1≤i≤8) and long-term PKI.

B) each low-yield node member U _i(1≤i≤7) choose any two random numbers

and calculate R _i=r _ig ₁, T _i=(m _i+ sk _i/ r _i) g ₁, M _i=m _ipk ₈, then U _iby message (U _i, R _i, T _i, M _i) send to the node U that energy is higher ₈(1≤i≤n-1).(note: realize low-yield node signature process).

C) U ₈receive each low-yield node U _imessage (the U sending _i, R _i, T _i, M _i) after (1≤i≤7), U ₈checking equation

whether set up, if each equation set up, U ₈can determine message (U _i, R _i, T _i, M _i) (1≤i≤7) be member U _isend.(note: realize high-energy node the low-yield node that participates in the secret key negotiation of group is carried out to verification process).

2. group member is consulted the asymmetrical secret key of sharing

A) can carry out with step 1 simultaneously, first, each low-yield node member U _i(1≤i≤7) choose any two random numbers

and calculate R _i=r _ig ₁, T _i=(m _i+ sk _i/ r _i) g ₁, M _i=m _ipk ₈, then U _iby message (U _i, R _i, T _i, M _i) send to the node U that energy is higher ₈(1≤i≤n-1).

B) high-energy node U ₈receive each low-yield node U _imessage (the U sending _i, R _i, T _i, M _i) after (1≤i≤7), U ₈checking equation

whether set up, if each equation set up, U ₈can determine message (U _i, R _i, T _i, M _i) (1≤i≤7) be member U _iinstitute sends.Then U ₈random two numbers of selecting

and calculate R ₈=r ₈g ₁, T ₈=(m ₈+ sk ₈/ r ₈) g ₁, $\mathrm{PK}=\underset{i=1}{\overset{7}{\mathrm{\&Sigma;}}}{\mathrm{pk}}_i,\mathrm{RT}=\underset{i=1}{\overset{7}{\mathrm{\&Pi;}}}e(R_i,T_i),$ P=m ₈PK， $Q={\mathrm{RT}}^{m_n^2},$

u ₈by these message (U ₈, X ₁, X ₂..., X ₇, R ₈, T ₈, Q, P) and be broadcast to the node that energy is low.U ₈group be can calculate and PKI ek=(Q, P), f shared ₈=m ₈g ₁share private key with group

C) each member U _j(1≤j≤7) receive U ₈broadcast after, checking equation

whether set up, if equate U _jcan determine message (U ₈, X ₁, X ₂..., X ₇, R ₈, T ₈, RT, PK) and be U ₈institute sends.Then each member U _j(1≤j≤7) are calculated group and are shared PKI ek=(Q, P),

share private key with group $\mathrm{dk}=e(f_j,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)=e(m_8{\mathrm{<figure-callout\; id="1"\; label="g"\; filenames="HDA0000467247740000021.png"\; state="\{\{state\}\}">g</figure-callout>}}_1,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j).$

3. share the consistency checking of secret key

A) all group members calculate after the shared PKI of group and group's private key, checking equation e (P, f _j) whether dk=Q set up.If equation is set up, ek and dk that all members calculate are correct, and the shared PKI of group and group's private key that all members calculate have consistency.

Communication process is as follows:

ek=(Q,P) ek=(Q,P)

$\begin{array}{cc}\mathrm{dk}=e(f_j,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)=e(m_8{\mathrm{<figure-callout\; id="1"\; label="g"\; filenames="HDA0000467247740000021.png"\; state="\{\{state\}\}">g</figure-callout>}}_1,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)& \mathrm{dk}=e(f_8,\underset{i=1}{\overset{7}{\mathrm{\&Sigma;}}}{X}_i)\end{array}$

Consult by the secret key of this cluster conversation, what the inner member of group can be safe carries out confidential corespondence.

For content of the present invention and implementation method are described, provide a specific embodiment.The object of introducing in an embodiment details is not the scope of restriction claims, but helps to understand the method for the invention.One skilled in the art should appreciate that: not departing from the spirit and scope of the present invention and claims thereof, various modifications, the variation to most preferred embodiment step or to replace be all possible.Therefore, the present invention should not be limited to most preferred embodiment and the disclosed content of accompanying drawing.

Claims (2)

1. move in unbalanced network and can authenticate the secret key machinery of consultation of asymmetric group, it is characterized in that: adopt bilinear map to realize horde group membership in mobile unbalanced network and consult to set up a pair of shared secret key of asymmetric cluster conversation, its step is as follows:

(1) signature of group member and authentication;

(2) group member is consulted the asymmetrical secret key of sharing;

(3) consistency checking of shared secret key;

In described step (1), signature and the authentication of group member are:

1. group member U _i(1≤i≤n-1) long-term private sk _iand PKI pk _igeneration;

2. group member U _ishort signature algorithm;

3. compared with macro-energy node U _nby group member U _ithe short label that provide are verified each member U _iidentity;

In described step (2), the asymmetrical shared secret key of group member negotiation is:

1. group member U _i(1≤i≤n-1) selects needed secret key parameter in the secret key negotiations process of group at random, and this secret key parameter is signed, and these secret key parameters and signature are sent to compared with macro-energy node U _n;

2. compared with macro-energy node U _nauthentication group member U _iidentity, and random select relevant secret key parameter, and the signature of this secret key parameter, these secret key parameters and signature are sent to group member U _i(1≤i≤n-1);

3. compared with macro-energy node U _ncalculate each member U _isecret key parameter, and the secret key parameter that these secret key parameters are chosen at random together with oneself is combined into the secret key of a pair of asymmetrical shared group;

4. each member U _ireceive U _nafter the signature and secret key parameter sending, to U _ncarry out authentication, and by U _nthe secret key parameter sending goes out the secret key of a pair of asymmetrical shared group together with the secret key calculation of parameter of oneself;

The consistency checking of sharing secret key in described step (3) is:

1. the each member of group verifies that whether the secret key of group of negotiation is consistent, and whether the secret key of group of calculating is identical.

2. in mobile unbalanced network according to claim 1, can authenticate the secret key machinery of consultation of asymmetric group, it is characterized in that: adopt bilinear map technology to realize short signature and authentication; The secret key of group is consulted to realize asymmetry, negotiates the secret key of a pair of asymmetrical group encrypt/decrypt; By group key agreement step, realize the confidential corespondence between group member: encrypt: any message sends member and selects

with group's PKI calculating of consulting

then the ciphertext c=< δ of broadcast enciphering message, η >;

Deciphering: each member receives ciphertext c=< δ, after η >, obtains clear-text message with consulting the private key dk of group decrypting ciphertext $m=\mathrm{\&eta;}\&CirclePlus;H_2\left(e(\mathrm{\&delta;},\mathrm{dk})\right).$

Images